Avesta Hojjati, VP of Engineering, DigiCert featured on the latest episode of IoT Unplugged, talking about the challenges in securing IoT devices and networks today.
The main issues include securing ‘brownfield’ devices that were not designed with security in mind and have already been deployed, the growing number of IoT devices, and the computational limitations of many IoT devices that restrict the security solutions that can be implemented.
A significant threat on the horizon is quantum computing, as quantum computers can quickly break many of the current encryption algorithms. To address this, the National Institute of Standards and Technology (NIST) has announced a set of post-quantum cryptography algorithms designed to be secure against both classical and quantum computers. DigiCert has been collaborating with NIST for the past eight years, reviewing and testing these quantum-safe algorithms to ensure they are suitable for various use cases, including resource-constrained IoT devices.
The concept of ‘crypto agility’ is crucial, involving having visibility into the cryptographic assets in the environment and the ability to automatically replace outdated algorithms. This helps organisations transition to the new quantum-safe algorithms. Key recommendations include gaining visibility into the cryptographic assets, implementing automation to replace algorithms, and developing a plan to deploy crypto agility, potentially starting with smaller teams.
To hear more from Avesta Hojjati and his insights into becoming ‘crypto agile’, tune into the full podcast episode available on Spotify, Apple Podcasts, and at the link below.